MELTDOWN VULNERABILITY

By : admin In: Articles, Blog January 15, 2018

People increasingly depend on their smartphones, laptops and PCs to store essential files such as personal images, confidential documents and passwords, and this makes them more and more vulnerable to external threats. If the information stored on your system is not protected correctly, hackers have more opportunities to access its files, including your personal information.

One of the vulnerabilities that can be exploited to access your files is the “Meltdown vulnerability.” Meltdown is a very recent vulnerability, found in January 2018. It was issued the Common Vulnerabilities and Exposures ID CVE-2017-5754 and is also known as Rogue Data Cache Load. The security of computer systems fundamentally relies on memory isolation: for example, kernel address ranges are marked as protected and are not accessible from user space. Meltdown exploits side effects of out-of-order execution on modern processors to read arbitrary kernel memory locations, including personal data and passwords. It breaks the most fundamental isolation between user applications and the operating system, allowing a program to access memory that holds the secrets of other programs and of the operating system.

If your computer has a vulnerable processor or runs an unpatched operating system, there is a high probability of your sensitive information being leaked. Files and data stored in the cloud are not safe from this type of vulnerability either. The processors affected by the Meltdown vulnerability are Intel processors. An attacker exploiting Meltdown can execute code on the target system.

Discovery

The Meltdown vulnerability was discovered very recently, by three independent teams:

  • Jann Horn (Google Project Zero)
  • Werner Haas, Thomas Prescher (Cyberus Technology)
  • Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz (Graz University of Technology)

The next question is how to know whether your system is affected by the Meltdown vulnerability. To answer it, follow the steps below.

Install the PowerShell module from TechNet ScriptCenter

Go to https://aka.ms/SpeculationControlPS
Download SpeculationControl.zip to a local folder
Extract the contents to a local folder, for example C:\ADV180002


Run the PowerShell module to validate that the protections are enabled

Start PowerShell, then (using the example above) copy and run the following commands:
  • PS > # Save the current execution policy so it can be reset
  • PS > $SaveExecutionPolicy = Get-ExecutionPolicy
  • PS > Set-ExecutionPolicy RemoteSigned -Scope Currentuser
  • PS > CD C:\ADV180002\SpeculationControl
  • PS > Import-Module .\SpeculationControl.psd1
  • PS > Get-SpeculationControlSettings
  • PS > # Reset the execution policy to the original state
  • PS > Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser

If the output of all the elements is True, your Windows system is protected from the Meltdown vulnerability; if it shows False, your system is vulnerable to Meltdown.
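
The check above can be scripted so that only the Meltdown (CVE-2017-5754) fields are evaluated. This is an added example, not part of the original article or of Microsoft's module: Test-MeltdownMitigation is a hypothetical helper, the KVAShadow* property names are assumed to match the object returned by Get-SpeculationControlSettings, and the sample objects are constructed.

```powershell
# Added example: interpret the kernel VA shadow (Meltdown) fields of the
# object returned by Get-SpeculationControlSettings.
# Assumption: the object exposes KVAShadowRequired,
# KVAShadowWindowsSupportPresent and KVAShadowWindowsSupportEnabled.
function Test-MeltdownMitigation {
    param([Parameter(Mandatory)] $Settings)

    # Small helper to build a uniform result object.
    $result = { param($ok, $why) [pscustomobject]@{ Protected = $ok; Reason = $why } }

    # An older or unexpected module version may not report the field at all.
    if ($null -eq $Settings.KVAShadowRequired) {
        return & $result $false 'KVAShadowRequired not reported; output not recognized'
    }
    # Hardware that does not require kernel VA shadowing needs no OS mitigation.
    if (-not $Settings.KVAShadowRequired) {
        return & $result $true 'Processor does not require kernel VA shadowing'
    }
    if (-not $Settings.KVAShadowWindowsSupportPresent) {
        return & $result $false 'Windows update with kernel VA shadow support is missing'
    }
    if (-not $Settings.KVAShadowWindowsSupportEnabled) {
        return & $result $false 'Kernel VA shadow support is installed but not enabled'
    }
    return & $result $true 'Kernel VA shadow support is present and enabled'
}

# Constructed sample objects (not captured from real machines).
$samples = @(
    [pscustomobject]@{ Name = 'patched';   KVAShadowRequired = $true
        KVAShadowWindowsSupportPresent = $true;  KVAShadowWindowsSupportEnabled = $true }
    [pscustomobject]@{ Name = 'unpatched'; KVAShadowRequired = $true
        KVAShadowWindowsSupportPresent = $false; KVAShadowWindowsSupportEnabled = $false }
    [pscustomobject]@{ Name = 'disabled';  KVAShadowRequired = $true
        KVAShadowWindowsSupportPresent = $true;  KVAShadowWindowsSupportEnabled = $false }
    [pscustomobject]@{ Name = 'no-need';   KVAShadowRequired = $false
        KVAShadowWindowsSupportPresent = $true;  KVAShadowWindowsSupportEnabled = $false }
)
foreach ($s in $samples) {
    $r = Test-MeltdownMitigation -Settings $s
    '{0,-10} Protected={1,-5} {2}' -f $s.Name, $r.Protected, $r.Reason
}

# If the SpeculationControl module is imported, evaluate the live system too.
if (Get-Command Get-SpeculationControlSettings -ErrorAction SilentlyContinue) {
    Test-MeltdownMitigation -Settings (Get-SpeculationControlSettings)
}
```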

Solution

Microsoft has issued a security bulletin and advisory to address these vulnerabilities in Windows 10. Updates and fixes for Windows 7 and 8 were deployed on January 9.

Google has also published information on its products that may be affected, such as YouTube, Google Ads and Chrome. It has released a security patch level for Android phones that helps limit attacks that may exploit Meltdown. A separate security update for Android was also released on January 5.

Apple has patched its Mac operating system in version 10.13.2, and 64-bit ARM kernels were also updated. The Mozilla browser team has also confirmed that browser-based attacks are possible.